Adding a second TLS implementation

Mathew Heard mat999 at gmail.com
Thu Feb 11 02:28:29 UTC 2021


Kevin,

BoringSSL is already for the most part supported (in code, if not
officially) if I am not mistaken

On Thu, 11 Feb 2021 at 12:02, Kevin Burke <kevin at meter.com> wrote:

> Hi,
> There has been a recent push by some members of the security community to
> try to make more critical code run in memory safe languages, because of the
> high prevalence of security issues related to memory safety, for example,
> use-after-free, double-free or heap buffer vulnerabilities.
>
> In that light, I was wondering if you'd be open to adding a second TLS
> implementation that could be used in place of OpenSSL. Ideally, the target
> would be a TLS implementation in a memory safe language, for example,
> rustls, available at https://github.com/ctz/rustls. Curl just merged a
> patch to support the rustls backend.
>
> This would require a lot of changes to make the TLS implementation
> portable so before investigating it I figured I would see if you're open to
> it at all.
>
> Kevin
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20210211/46d96c00/attachment.htm>


More information about the nginx-devel mailing list